I can't find the error messages you are seeing in the source. Which
version of OpenCA are you using?
Anyhow, the CA tries to issue another certificate for serial 00 again.
So, somehow the mechanism for creating new serials is not working
properly in your installation. Do you use random serials? Th
On 10/02/2015 10:32 AM, Oliver Graute wrote:
> I solved my problem :-) I added the last pki dir in this compile
> option --with-cgi-fs-prefix=/usr/lib/cgi-bin/pki then rebuild and
> reconfigure everything. Then reinstall apache2 with apt-get remove
> --purge apache2 apache2.2-common apt-get install
Hello Oliver,
it seems the configure script has not properly replaced
@ca_cgi_url_prefix@, but there is no configure option
--with-ca-cgi-url-prefix. I guess it's usually generated out of the
other url-prefix settings, but for some reason not in your case.
I'd suggest to manually edit ./src/web-i
Oliver Graute gmail.com> writes:
> I'am trying to install openca-base-1.5.1 on Ubuntu 12.04. I struggling
with
> the openca apache part. All I get on my Webserver (localhost) is:
>
> Not Found
>
> The requested URL / ca_cgi_url_prefix /ca was not found on this
server.
> Apache/2.2.22 (Ubu
Hi Fabricio,
this looks like the openca daemon has crashed or is in some kind of
deadlock.
Usually, you just have to stop the openca service in order to clean up
things, and start it again.
It may take a while to become responsive again (in a VM running on old
hardware it may well be a minute and
Hi,
you are missing a line:
ScriptAlias /cgi-bin/ "/usr/lib/cgi-bin"
in your apache configuration (at least that's what you tell configure
where your cgi scripts shall be installed).
You might also want to enable ssl and switch the port to 443, and
fine-tune the access to the directories of y
Hi,
I wanted to give you all a little update. The Problem seems to be within
the OpenSSL.pm Perl module. If there is a "x"-character inside subject_o
the command fails or gives wrong output. Can someone help me with this?
best regards
Sam
Am 30.01.2015 um 10:18 schrieb Samuel Bramm:
> Hi @List,
Hi Martin,
Thank you. i solved the problem in the meantime.
best regards
Sam
Am 18.12.2014 um 16:46 schrieb Martin Hecht:
> Hi Sam,
>
> it seems to be a problem with your log configuration, which is in
> /usr/local/etc/openca/log.xml -
> or which should be in this place. I had a look at my conf
Hi Sam,
it seems to be a problem with your log configuration, which is in
/usr/local/etc/openca/log.xml -
or which should be in this place. I had a look at my configuration and
there are two slots configured,
one for syslog and one for xml-formatted log files. I have commented out
the syslog-slot
: [Openca-Users] OpenCA 1.5.1 signature not validHi Martin,
Although there are some cases of expired
RA certificates, there are others were certs are signed by a valid RA certificate
yet cannot be verified. See output from verification window below:
Cannot
build PKCS#7-object from extracted
Hi Martin,
Although there are some cases of expired RA certificates, there are others
were certs are signed by a valid RA certificate yet cannot be verified.
See output from verification window below:
Cannot build PKCS#7-object from extracted signature!
OpenCA::PKCS7 returns errorcode 79
> From: blainedw
> Sent: 08/13/2014 05:03 PM AST
> To: "Users' Help and Suggestions"
> Subject: Re: [Openca-Users] OpenCA 1.5.1 signature not valid
>
>
>
> Hi Max
>
> Have you seen this?
>
> Dave
>
>
> - Original Message -
> From
then the certificate whereas the other has
these sections reversed. So I am going to keep looking at how those files are
created.
Dave
- Original Message -
From: blainedw
Sent: 08/13/2014 05:03 PM AST
To: "Users' Help and Suggestions"
Subject: Re: [Openca-Users] OpenCA
Hi Max
Have you seen this?
Dave
- Original Message -
From: David Blaine [blain...@gdls.com]
Sent: 07/22/2014 07:53 PM GMT
To: openca-users@lists.sourceforge.net
Subject: Re: [Openca-Users] OpenCA 1.5.1 signature not valid
Is there a fix for this error? Only seems to affect records
Is there a fix for this error? Only seems to affect records that came over
from the migration.
Dave
--
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a fre
Hello Martin, I will test and give some feedback about it soon.
However, thanks to a colleague, we be able to patch OpenCA DBI module
and do some tests that fixed both problems in this thread:
- export/import problems related with CSRs with differents states
- make complete database backup in wh
Hello Nicolas,
I think you were looking at the right place. The function exportDB in
export-import.lib
holds a list of states which shall be exported. TEMPNEW is not among the
ones to
be exported, so these requests which are not validated should not even
leave the
RA. Nevertheless, it would m
Already installed? Change config.xml. Otherwise use compile options.
Dave
- Original Message -
From: Miguel Angel Robledo [marobl...@santafe.gov.ar]
Sent: 12/19/2013 01:08 PM ZW3
To: "Users' Help and Suggestions" ;
openca-de...@lists.sourceforge.net
Subject: [OpenCA-Devel] Change URL p
I reinitialized the database and tried to recover from backup but I get the
following (and it just sits there).
Test the archive ...
/bin/tar -tvf /tmp/openca_local
Importing archive ...
Load required variables ...
Changing to directory /appl/openca-1.5.1/var/openca/tmp/tmp_25738 ...
Runni
Simply delete the revocation request in the RA.
Dave
smime.p7s
Description: S/MIME Cryptographic Signature
--
Shape the Mobile Experience: Free Subscription
Software experts and developers: Be at the forefront of tech inn
OpenCA 1.5.1 installs:
DBD-Pg 2.19.2
DBI 1.628
>From googling there used to be problems with SQL_BIGINT definition in the DBI
>driver but that has long since been corrected and should not be an issue. I
>don't believe OpenCA should be using the system's version of these but I'm not
>sure h
take a look at config.xml , there is a line about sendmail , after
changing something dont forget to run ./configure_etc.sh
the email is a verify email , once you request a new certificate it is
stored as TEMPNEW , a mail is sent to requester's email (2. E-Mail
Address field in certificate req
Hi,
I do have postfix installed. How openca send notify email? through SMTP or
just call sendmail to deliver?
I got more questions about this:
first, who will notify mail send to?
1. support_mail_address or service_mail_account in config.xml
2. E-Mail Address field in certificate request form?
Nothing , just enable sendmail to send emails , the request is stored at
DB as TEMPNEW , a comfirmation link should be emailed to you , and after
you click the link , you see your certificate request under Certificate
Requests
take a look here on how to setup sendmail with gmail
http://droo-la
Hello, I have a question about something is not very clear for me.
Reading INSTALL and INSTALL.UBUNTU files, there are things thats it
seems to be old and no more used.
For example, I always have doubs about which openssl version to use.
in INSTALL file says:
+
NOTICE:--
Check config.xml entries and also under servers/scep.conf for how to
configure SCEP (see the guide).
http://www.openca.org/projects/openca/docs/openca-guide.pdf
Dave
smime.p7s
Description: S/MIME Cryptographic Signature
-
> General Error The compilation of the command cmdIssueCertificate failed.
> Can't call method "first_child" on an undefined value at
> /usr/OpenCA/lib/functions/crypto-utils.lib line 955.
The only reference I see in my crypto-utils.lib for "first_child" is
commented out.
# $section=gettext($po
Turn on debug logging and check entries in stderr.log.
Dave
- Original Message -
From: fafoun [tbeibiim...@gmail.com]
Sent: 05/22/2013 04:18 AM MST
To: openca-users@lists.sourceforge.net
Subject: [Openca-Users] OpenCA
i can't resolve this problem
please help
General Error The com
ohammad khodaei [mailto:m_khod...@yahoo.com]
Sent: Friday, June 01, 2012 11:04 AM
To: Users' Help and Suggestions
Subject: Re: [Openca-Users] OpenCA Login Problem: Error Code: 740201
([initServer:314] No login)
I did it. Now, the warning didn't show up. I use the password I provided to
login
sers' Help and Suggestions'
Sent: Friday, June 1, 2012 4:44 PM
Subject: Re: [Openca-Users] OpenCA Login Problem: Error Code: 740201
([initServer:314] No login)
Mohammad,
The problem is that that the value in:
default_web_password
@default_web_passwo
Mohammad,
The problem is that that the value in:
default_web_password
@default_web_password@
Is NOT the actual value, but an encrypted hash value.
The easiest way to do this is change it back to
@default_web_password@
Then run configure_etc.sh again, w
>> More important... there are memory leaks in OCSP as Joachim Astel
>> told. I managed to reproduce the issue bombarding the OCSPd with
>> OpenSSL OCSP checks.
Here is the full collection of patches (latest versions) for both libpki
0.6.7 and openca-ocspd 2.1.1.
They fix memory leaks and some fu
> More important... there are memory leaks in OCSP as Joachim Astel
> told. I managed to reproduce the issue bombarding the OCSPd with
> OpenSSL OCSP checks.
Finally... the patch for the memory leak problem.
All OCSP replies were leaking. Added the free function.
diff -ur openca-ocspd-2.1.1/src/o
> Apart of this patch all seems to be working fine in the OCSP with Cisco.
> Will be making more tests soon.
I got tired of always seeing "CORE::Connection from [0.0.0.0]", so here
is another patch to show the correct address of connections.
Code explanation:
As connection is handled now by libpk
> Verified, by default OCSPd 2.1.0 doesn't work with Cisco cause sha256:
>
> ../VIEW_ROOT/cisco.comp/pki_ssl/src/ca/provider/revoke/ocsp/ocsp.c(2717)
> : E_DIGEST_ALG_NOT_SUPPORTED : message digest algorithms not supported
>
> However OCSPd is still using sha256 when signing the response:
>
> [p
> Hi Joachim,
>
> there should be an option in etc/ocspd/ocspd.xml file. In particular
> search for the digestAlgorithm option. Is that sha1 ? If that is the
> case and you needed to change the code in libpki, than there's an
> error there that I need to fix.
>
> Just to summarize: you are using
I solved installing XML-Parser-2.36
Thanks.
Nowhere wrote:
>
> Hi all,
> excuse me for silly question, but I'm a beginner and I can't figure out a
> solution. Hope you can Help me.
>
> I installed openca following steps in
> http://wiki.openca.org/wiki/index.php/Installing_OpenCA and now I tr
Hey Massimiliamo and Geert,
I have the same issue with OpenCA 1.1.0 build upon an Ubuntu system via
apt.
Cheers Felix
2011/7/15 Massimiliano Pala
> Hi Geert,
>
> it is really a strange behavior. I regularly use FF4 and FF5 and I don't
> have issues with it. You are the first one reporting this
Hi Geert,
it is really a strange behavior. I regularly use FF4 and FF5 and I don't
have issues with it. You are the first one reporting this issue. Are you
using special settings in the browser's profile ?
For Windows menus, it is a known issue. So far, the main issues were with
IE8 on Win7, but
Hi Max,
Thanks for the response. Yes, MySQL was running. The error message was a
valid "Access Denied" response from the database server, because the
password wasn't being sent in the response.
I had to edit the DBI.pm and hard-code the password in order to get the
openca_start to run and the dat
Hi Massimiliano,
thanks for debugging request, here's the backtrace.
I hope it helps. :-)
Greetings
-Achim
Massimiliano Pala writes:
> Hi Joachim,
>
> could you run the OCSPD in a debugger:
>
> $ cd /opt/ocspd < I assume the OCSP is installed here
> $ sudo gdb sbin/ocspd
> gdb> s
Hi,
you might want to check that mysql is responding on localhost port 3306
by doing:
$ telnet localhost 3306
if it works, great. If it does not, you need to check the mysql config.
If, instead you need to change the default configuration in openca,
remember to change the .template files, no
Hi Joachim,
could you run the OCSPD in a debugger:
$ cd /opt/ocspd < I assume the OCSP is installed here
$ sudo gdb sbin/ocspd
gdb> set args -c etc/ocspd/ocspd.xml
gdb> run
...
bombard the OCSPD with a lot of requests... and when the OCSPD dies, do
the following:
$ backtrace
t
Hello Max,
I really haven't had any time to setup a new OpenCA to test the problem
with the Cisco and submit a SR in Cisco TAC. Pretty busy lately :(
If you or anyone have a test or working CA with SCEP I could test
requesting and installing certificate through SCEP and then validating
the certifi
I wanted to say hallo to the mailing-list with an update:
1.
OCSP2 ist now working with Cisco routers (with its RSA BSAFE implementation
for cerfiticate handling).
You just have to remove the "validity" configuration within ocspd.xml
2.
Now it works quite well, but there still seems a memory
Hi Carlos,
if you could file a bug report, that would be great. On my side, I am
thinking about adding an option in the OCSPD configuration file that
will force the signatures to use sha1 also when the OCSPD certificate
is signed with sha256. I think that would solve, temporarily the problem.
Che
Hello,
> BUT: we've tracked down that OCSP daemon answer which is signed, may not
> be signed with a hash-size > SHA-1, even with IOS 12.4(15)T or IOS 15.
> When the OCSP answer is signed with SHA-256 from the OCSP daemon,
> the cisco router simply responds with:
>"E_DIGEST_ALG_NOT_SUPPORTED :
Hi Carlos,
> "Cisco IOS SHA-2 Support for PKI" (that is SHA-256, SHA-384, SHA-512)
> was introduced mainly in IOS 12.4(15)T in almost all platforms.
It's right, Cisco can handle certificates with >= SHA-256, of course,
since 12.4(15)T.
BUT: we've tracked down that OCSP daemon answer which is sig
Hello,
I can give some info here.
> I don't
> understand why the CISCO router would not be able to validate that!
> SHA1 is not supposed to be used for signatures anymore!!!
It depends on the IOS version in the Cisco.
"Cisco IOS SHA-2 Support for PKI" (that is SHA-256, SHA-384, SHA-512)
was intr
Hi Joachim,
there should be an option in etc/ocspd/ocspd.xml file. In particular
search for the digestAlgorithm option. Is that sha1 ? If that is the
case and you needed to change the code in libpki, than there's an
error there that I need to fix.
Just to summarize: you are using a RSA+SHA256 as
Hi,
yes, it is possible and desirable. For the CA, also, it is possible to
automate some of the functionalities so that you rarely need to connect
to the CA anyway.
Most of the operations are performed (for admin) via the RA interface.
Best,
Max
On 06/08/2011 02:00 AM, Arijit Bose wrote:
>
> D
Hello Max,
Thank you for your reply.
Right now we just have 1 node with 1 internal MySQL for testing. Our
next step is to implement the HA design.
My planning with OpenCA would be to install online and offline nodes in
both servers and use the same CA certificate in both. Will this work?
For the
Hi Norbert,
in OpenCA there is no support for renewing certificates by using SCEP. Maybe
we could implement that easily, but since re-keying is usually the best way
to go when it comes to renewing identities, you might want to evaluate that
approach instead (no reusing the same key after it's "ex
Hello Carlos,
I don't think there's gonna be any issue with using the setup you
are using now. I suggest you to wait for the new version of the
OCSPD to be available or, if you want, I can send you the new code
to be tested in your environment.
Let me know,
Cheers,
Max
On 05/20/2011 09:52 AM,
Hello:
Although it doesn't seem to be related to your problem, I followed
instructions on http://wiki.openca.org/wiki/index.php/OpenCA_PKI_v1.1.1 and
solved this problem.
Cheers.
*- Francisco*
On Thu, Apr 14, 2011 at 7:20 AM, 杨政权 wrote:
> Hello,It occurred an error when I install OpenCA 1.1.
Hello
you probably need the development files for PostgreSQL
(postgresql-server-dev-8.4 or postgresql-server-dev-9.0) in order to
build OpenCA with PostgreSQL support. For MySQL, they are
libmysqlclient-dev.
Andrei
On Sat, Oct 16, 2010 at 10:28 PM, silviuk wrote:
>
> Hello,
>
> I am trying to i
Let's check the basics...
What database type do you put in the 'configure' command?
Or in the config.xml?
Jorge
--
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games
Hi,
I do apologize for wasting your time!
The problem is solved.
I wrote the full path to openssl in the token.xml file and the problem is
solved!
I don't know the cause of this series problems but now there's not any
problem.
thanks,
good luck
zaxary wrote:
>
> Hi everybody,
>
> I met a b
Bump
This is an e-mail from General Dynamics Land Systems. It is for the intended
recipient only and may contain confidential and privileged information. No one
else may read, print, store, copy, forward or act in reliance on it or its
attachments. If you are not the intended recipient, p
Afaicr, are the people of cacert.org using (parts) of an ancient version of
openca.
HW
- Oorspronkelijk bericht -
Van: Eduardo Figoli
Aan: Openca-Users@lists.sourceforge.net
Verzonden: Fri Apr 09 18:05:35 2010
Onderwerp: [Openca-Users] OpenCA within medium/large organizations
Hi,
C
Max,
On Mon, Mar 22, 2010 at 11:08 AM, Massimiliano Pala
wrote:
> I hope to see your comments on the list again soon :D Anyhow, thanks for
> the feedback - if you need specific help with the installation, let me know.
Well, I got everything automated & working via my own scripts, and
then was st
Hi Ben,
I hope to see your comments on the list again soon :D Anyhow, thanks for
the feedback - if you need specific help with the installation, let me know.
You might also look at the binary packages (if available for your system)
which should ease the installation process.
Unfortunately, manag
Max,
On Mon, Mar 22, 2010 at 9:43 AM, Massimiliano Pala
wrote:
> Hi Ben,
>
> AFAIK is an old option that should be removed :D Unless someone has any
> reason to keep and maintain it (I think it is completely ignored at the
> moment).
I'm clearly 'not ready' for openCA in its current state -- bet
Hi Ben,
AFAIK is an old option that should be removed :D Unless someone has any
reason to keep and maintain it (I think it is completely ignored at the
moment).
Cheers,
Max
On 03/22/2010 11:21 AM, Ben DJ wrote:
hi,
what does
--disable-external-modules
do?
whether or not it's included, t
hi,
what does
--disable-external-modules
do?
whether or not it's included, the external perl modules are built &
installed ...
BenDJ
--
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. S
Hi Ben,
for the PERL modules, there are several warnings. First of all, the
Net-SSLeay on CPAN does not support openssl-0.9.9+ / it won't compile.
Secondly, there have been problems in the past to rely on CPAN and
modules already installed on different systems... That's why we
install the modules
Hi Max,
On Sun, Mar 21, 2010 at 3:16 PM, Massimiliano Pala
wrote:
> Hi Ben,
>
> try this:
>
> ./configure --prefix=/usr/local/openca
>--with-openca-tools-prefix=/usr/local/openca
Ok, that works,
./configure --prefix=/usr/local/openca
--with-openca-tools-prefix=/usr/local/openca
--with-b
Hi Ben,
try this:
./configure --prefix=/usr/local/openca
--with-openca-tools-prefix=/usr/local/openca
Let me know,
Max
On 03/21/2010 06:03 PM, Ben DJ wrote:
./configure --prefix=/usr/local/openca
--with-build-dir=/build/openca_build
--with-openca-tools-prefix=/usr/local/openca/
Hi Graham,
you should use the options for setting the "openca" user/group. That is:
$ ./configure --with-openca-user=<...> --with-openca-group=<...>
that should fix your problem. Also, to build both the source and the
binary, update the Makefile.devel (line 225) and use the -ta instead
of -t
A little update to this post. I had only en_US.UTF-8 and ro_RO.UTF-8
locales generated. Now, with en_GB.UTF-8 added, on first access I get
the public interface completely in English, no matter if
default_language is ro_RO. Language switching from Language sub-menu
works ok.
On Wed, Mar 10, 2010 at
Massimiliano Pala schrieb:
> Hi Hugi,
>
> thanks for the tip.. I am trying to deal with many aspects of the
> project,
> and... I should also sleep sometime... hehehe!! :D
Know what you are talking about. My hobby is CAcert in my leisure time,
as I think basic digital security should be for free
That would be great :D
Cheers,
Max
On 03/09/2010 01:21 PM, John A. Sullivan III wrote:
[...]
We have some documentation we've contributed in the past. I can try to
dust it off and get it back on there. It's going to be a little while
though as we are all hands to the pump with a new company
On Tue, 2010-03-09 at 10:39 -0500, Massimiliano Pala wrote:
> Hi Hugi,
>
> thanks for the tip.. I am trying to deal with many aspects of the project,
> and... I should also sleep sometime... hehehe!! :D Anyhow, do you have any
> suggestion on how to practically organize the wiki ?
>
> Right now I
Hi Hugi,
thanks for the tip.. I am trying to deal with many aspects of the project,
and... I should also sleep sometime... hehehe!! :D Anyhow, do you have any
suggestion on how to practically organize the wiki ?
Right now I organized in such a way that for each Project we have:
News, Fixes, Docs
Massimiliano Pala-2 wrote:
>
> Hi Guys,
>
> I am trying to finish the testing of the new version and adding
> documentation
> for installing OpenCA on the WiKi.
>
> http://www.openca.org/wiki/
>
> If you have time to check it and let me know what you think about it, that
> would be grea
Hi,
attached "home_body.inc-1.de_DE"
Chris
Massimiliano Pala schrieb:
> Hi Guys,
>
> is any of you willing to provide a translation of the new default
> homepage
> for the OpenCA project ? I have the en_GB and the it_IT translations (I
> attach them). Please let me know if you can translate them
Hi all,
I tried to go deeper into issues related to PostgreSQL, and I fixed a couple
of bugs in the DBI module. Sorry for the inconvenience.
I posted the complete solution on our wiki pages:
http://mm.cs.dartmouth.edu/wiki/index.php/OpenCA_PKI_v1.1.0
please let me know if there are still pr
Hello Erik,
so far I have an Ubuntu 9.10 ... do you know when the new Ubuntu release
will be available ? I need it in order to be able to provide a binary
package for it.
Anyhow, the source code version should work fine.. the installation script
is definitely better than the old one :)
For the
Hello David,
I am not sure what the problem is here... have you checked the Apache
logs and the openca logs ?
I definitely would suggest to use the 1.0.2+ version (also check the
wiki for the available patches for the current versions) as it definitely
is more stable and the UI is better organiz
Hi,
you should use the ``backup'' tool from the NODE interface. That's the
only one that works.. the old scripts are not updated (and should be
either removed from the distro or upgraded to support the current DBs...).
Later,
Max
On 10/29/2009 11:53 AM, Yildirim Zaynal wrote:
For upgrading fr
Have you tried to make the backup using the node interface?
Yildirim Zaynal wrote:
> I would also do that if possible. But its a production machine, and need to
> keep the old database and continue on that.
>
> 2009/10/29
>
>>
>> I would recommend a clean install.
>>
>>
>>
>> -
I would also do that if possible. But its a production machine, and need to
keep the old database and continue on that.
2009/10/29
>
> I would recommend a clean install.
>
>
>
> --
> Come build with us! The BlackBerry(R
I would recommend a clean install.
--
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile
Hi David,
here's the best way to reach the CVS repository:
rsync rsync://cvs.openca.org/cvs/libpki/
The snaps of the libpki are available at:
http://ftp.openca.org/libpki/
We are not currently using the CVS on SF... maybe we should, at some
point... :D
Later,
Max
On 10/5/09
Hi David,
here's the best way to reach the CVS repository:
rsync rsync://cvs.openca.org/cvs/libpki/
The snaps of the libpki are available at:
http://ftp.openca.org/libpki/
We are not currently using the CVS on SF... maybe we should, at some
point... :D
Later,
Max
On 10/5/09
Hi Max,
Could you tell me is there an world-readable revision control system
(e.g. CVS, SVN, git, ...) for OpenCA and LibPKI? The CVS on SourceForge
seems to be out of date...
Kind regards,
David
--
Dr David O'Callaghan
Research Fellow - Grid-Ireland - e-INIS - Computer Architecture & Gri
Hi,
I also wrote a couple of patches to improve the usability.
One patch adds a role for an OCSP responder including its extension.
Another changes the cert retrieval by changing the link in the emails
and change the "get requested certificate" to point the search engine
to the cert detailes
Hi Max,
On 07/05/09 21:41, Massimiliano Pala wrote:
> The 1.0.2+ of OpenCA improved the user interfaces by adopting dynamic
> menus.. but I know there is still much work to do there... one step
> at a time... :D
I've made some changes (I'd call them improvements :) to the dynamic
menu stylesheet
Hi John,
actually I agree with you - the complexity of the PKIs, both from the
management and final-user points of view, is enough to scare even the
most techy person.. And this is reflected in the User Interfaces...
I am trying to work on it - especially by leveraging the PRQP which
should help
On Wed, 2009-05-06 at 20:29 -0400, Massimiliano Pala wrote:
> Dear OpenCA community,
>
> we are trying to understand how to improve the current way that browsers
> User Interface interact with the users when it comes to PKIs. In particular
> we are interested in:
>
> How to improve the brow
On 05/05/09 16:01, Lenir Santiago wrote:
> 1) When I try to generate the request as you suggested:
>
> HOSTNAME=ca.mycompany.net
> mkdir $HOSTNAME
> openssl req -config
> $PREFIX/etc/openca/openssl/openssl/Web_Server.conf -new -key
> $HOSTNAME/hostkey.pem -out $HOSTNAME/hos
a lot of requests for servers.
CACert.org has this and I think it would be a great feature to add to
openca.
Thanks again for your help.
Lenir
-Original Message-
From: David O'Callaghan [mailto:david.ocallag...@cs.tcd.ie]
Sent: Tuesday, May 05, 2009 4:59 AM
To: Users' Help an
Hi Lenir,
Looks fine to me up to step 7.
On 01/05/09 19:33, Lenir Santiago wrote:
> Question: Does Common Name (e.g. Name Surname) need to be the hostname
> of the openca server? Or it same as the company name?
I would suggest the CN should be a name for the CA itself, so "My
Company CA" or "M
>I'm not sure what the problem is. It appears you are missing basic
>parts of the tarball but I don't know how make test works. Could your
>directory be corrupt or out of space (a wild guess as I would think the
>response would be different to out of space)? This doesn't look like a
>dependency
Hello guys,
Does anybody have any ideas on the issues below?
Thanks,
Lenir
From: Lenir Santiago [mailto:le...@tristarcorp.net]
Sent: Friday, May 01, 2009 2:34 PM
To: 'Users' Help and Suggestions'
Subject: OpenCA Post Install Questions
Guys,
I have openCA up and running and I
This is the only manual I'm aware of
http://www.openca.org/slides/openca_ocspd_tutorial.pdf
Dave--
Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
powering Web 2.0 with engaging, cross-platform ca
On Tue, 2009-02-24 at 20:10 -0800, weihao.ma wrote:
> Hi all,
> I'am newer to OpenCA, and having a troubles with OpenCA 1.0.2 installation
> in fedora 9.
>
> I managed to build the code , but when i performed "make test" and got some
> errors.
>
> What's the promble ? Failed with the following e
Yildirim Zaynal wrote:
> trying to start the openca 1.0.2. i get this error:
> Starting OpenCA ... Logging is not initialized.
> Configuration error: Missing Configuration Keyword : CgiCmdsPath
CgiCmdsPath is actually set in node.conf(.template).
Please post how you did install openca (configure
Yildirim Zaynal wrote:
> Would it be worth to try to upgrade to 1.0.2? how would it comply with
> the current database used by 0.9.2.5? it just seems like to much
> work..
Upgrading to 1.0.2 fixes a lot of configuration issues. Additionally,
more features like stronger encryption, CRL extensio
I will work on a script to check the newly signed certificates and
using a cronjob send email through an smtp relay server.
Would it be worth to try to upgrade to 1.0.2? how would it comply with
the current database used by 0.9.2.5? it just seems like to much
work..
BTW, trying to start the openca
1 - 100 of 631 matches
Mail list logo
